Hardening Plone, a military-strength CMS

Talk given by Kim Chee Leong and Kees Hink at the 2009 Plone Conference in Budapest (PloneConf2009)

Presentation Transcript

  • Hardening Plone: A Military-Strength CMS
  • Hardening the Plone stack: A Military-Strength CMS and its infrastructure
  • Class rules
    ● Feel free to ask questions
  • About us
    ● Kees Hink
      – Plone developer since January 2008
    ● Kim Chee Leong
      – Plone developer since May 2007
  • Introduction
    ● This talk is about:
      – Making the Plone stack even more secure
      – Not much about Plone itself
      – How to get others to acknowledge that it's secure
    ● For whom?
      – New to Plone
      – Marketing
      – Developers
  • Overview of sections
    ● Why security?
    ● Our use case
    ● Plone
    ● Infrastructure
    ● Audits (and feedback)
  • The internet is evil
    ● Have to protect against:
      – Cross-site scripting
      – Unencrypted connections
      – Spoofing
      – Password cracking
      – Mail interception
      – Server hacking
      – SQL injection
  • SQL Injection
    ● Comic by XKCD: http://xkcd.com/327/
  • Our use case
    ● Two portals:
    ● Plone as a DMS for online collaboration
      – Largely standard Plone
      – Alternative to SharePoint
      – Sensitive data
    ● Plone as a user-friendly file upload system
      – Document upload by suppliers
      – User-friendly upload
  • Security of default Plone
    ● Plone (Zope) is pretty secure by default
    ● Quantitative comparison:
      – Track number of hits on Google
      – See number of vulnerabilities in the National Vulnerability Database
    ● Qualitative comparison:
      – See article "Security overview of Plone" on plone.org
  • Small Plone modifications
    ● Disable self-registration
    ● Workflow + permissions
    ● Additional products
      – Aagje (activity log)
      – LoginLockout
  • How to protect?
    ● Let's start with a secure location
  • Infrastructure
    ● Secure hosting
      – Trusted hosting partner
      – Dedicated servers
    ● Operating system
      – Security updates
    ● Company procedures
      – Who has access?
  • Infrastructure (cont.)
    ● Only the HTTPS port is opened to the internet
    ● VPN-only access for everything except HTTPS
  • Infrastructure: OS
    ● Modifications on Debian Linux to enhance security
      – Different system user for each Zope instance
      – Regular security updates
      – Tighten filesystem permissions
  • Infrastructure: Web server
    ● Apache
      – HTTPS
      – Get an SSL certificate (Thawte, VeriSign)
      – No rewrite rule for the Zope root
      – Keep log files
  • SSL certificate
  • Just to keep your attention: http://xkcd.com
  • Audits
    ● Document your procedures
    ● We are using parts of ITIL
    ● Get audits
      – Technical audit
      – Process audit
  • Technical security audit
    ● Done by a third party
    ● They have a checklist
    ● They report back in a structured way
    ● Black box audit
      – From outside, on the Plone portal
    ● Crystal box audit
      – On the server, with root access
      – Check user permissions, etc.
  • Recommendations for Plone
    ● Plone itself is pretty secure
    ● Modifications:
      – Quota (file upload limit)
      – Cookie settings (HttpOnly, Secure), fixed with Apache
    ● And, of course:
      – Disable self-registration, check workflow and permissions, use LoginLockout
  • Recommendations outside Plone
    ● Modifications:
      – Use HTTPS only (no redirects from HTTP)
      – Paranoid user permission restrictions
      – Caching header control
    ● And, of course:
      – Secure hosting, VPN, security updates, etc.
  • Technical audit final result
    ● We implemented these recommendations for the next audit, which was tested again and approved.
  • Process security audit
    ● Done by our client's accountants
    ● Check processes:
      – Talk about our server management documents (especially security-related ones)
      – Talk about certification of the hosting partner
      – Talk to the technical auditing party
      – Talk to us, again...
  • Recommendations for Plone
    ● Confidentiality and user agreement
  • Process audit final result
    ● We passed! (Image by Getty Images)
  • Wrapping up
    ● Done:
      – Think about how to secure our existing setup even more
      – Have specialists check our setup + procedures
      – Implement their recommendations
    ● Result: Plone is officially 100% secure.
  • Remaining questions?
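The web-server and audit recommendations from the slides (HTTPS only with no HTTP redirect, no rewrite rule for the Zope root, HttpOnly/Secure cookie flags set in Apache, caching header control, keeping log files) combined into one Apache virtual host, as an added example that is not taken from the talk. The hostname, certificate paths, the backend port 8080 and the Plone site id "Plone" are assumptions.

```apache
# Added example (not from the talk): an Apache 2.2-style HTTPS-only virtual host
# in front of a single Zope/Plone instance. Requires mod_ssl, mod_rewrite,
# mod_proxy (+ mod_proxy_http) and mod_headers. All names/paths are assumed.
<VirtualHost *:443>
    ServerName portal.example.org

    # HTTPS only: there is deliberately no *:80 VirtualHost and no HTTP->HTTPS
    # redirect in this config; the firewall exposes only port 443 to the internet.
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/portal.example.org.crt
    SSLCertificateKeyFile   /etc/ssl/private/portal.example.org.key
    SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt

    # Proxy only the Plone site object, never the Zope root: VirtualHostRoot is
    # placed after /Plone, so the ZMI and other root-level objects are not
    # reachable through Apache ("no rewrite rule for the Zope root").
    RewriteEngine On
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/https/%{SERVER_NAME}:443/Plone/VirtualHostRoot/$1 [P,L]

    # Cookie hardening done in Apache instead of in Zope: append HttpOnly and
    # Secure to every Set-Cookie header the backend emits.
    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"

    # Caching header control for a DMS holding sensitive documents: forbid
    # shared and on-disk caching of anything served through this host.
    Header set Cache-Control "private, no-store, no-cache, must-revalidate"
    Header set Pragma "no-cache"

    # Keep log files; the technical audit wants them available for review.
    ErrorLog  /var/log/apache2/portal-error.log
    CustomLog /var/log/apache2/portal-access.log combined
</VirtualHost>
```

Verify with `apachectl configtest` before reloading, and check a login response with `curl -I https://portal.example.org/login_form` to confirm the Set-Cookie and Cache-Control headers arrive as intended.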